FieldDir121 wrote:Eric,Thanks. I hadn't noticed that "here" was a link.

You're welcome Scott.

The script returns 127.0.0.1. I have been using the first address in brackets, 67.15.196.12. I don't know enough to know what the difference is. If anyone has a [simple] explanation I would appreciate it.

127.0.0.1 = localhost
Default name describing the local computer address also known as the loopback address of the computer.It means it's your own computer.

Edit: Removed WHOIS info

Last edited by Eric on Sun Jan 15, 2006 10:56 am, edited 1 time in total.

Thanks. It isn't so much as who the ip address belongs to as which one to use. The script seems to get the first address rather than the most recent (who actually sent it to me). I will have to figure out how to change that.

Thanks. It isn't so much as who the ip address belongs to as which one to use. The script seems to get the first address rather than the most recent (who actually sent it to me). I will have to figure out how to change that.

The comments in DisplayOriginatingIPaddress indicate it is intentionally displaying the oldest (originating) IPaddress for spam purposes. Not sure how well that would have worked since that can end up being the local network IPaddress.

I created a modified version that displays the most recent address, DisplayMostRecentIPaddress.

I looked through the scripts in the extras area again. I didn't notice any that copied anything from a message to a file but I could have easily missed them. If you know of any I would appreciate a referral to use as a starting point.

FieldDir121 wrote:I looked through the scripts in the extras area again. I didn't notice any that copied anything from a message to a file but I could have easily missed them. If you know of any I would appreciate a referral to use as a starting point.

Couldn't find anything either, but maybe it's possible from within the script.

The code is below. I tried using both spaces and tabs but they are all converted to a single space in the preview window. I can send the script as a file so that the indentations and comment spacing will be preserved. Every line is commented since I am still learning. Once I get more proficient the comments will be less prolific.

If the code fails to find the received line or the brackets it just goes on anyway. Error handling didn't seem worth it at this point. I may add it later when I finish the file handling portion.

I cleaned up the subject portion. DisplayOriginatingIPaddress truncated the last two characters from the subject. I also added single quotes around the subject (because I didn't know how to add double quotes). Also, I found the lower case L a bit confusing as it resembles a 1 in some fonts, so I changed it to a "z".

I included the square brackets because I like them. Also, my filter sees this: [192.168.1.1] differently than it sees this: 192.168.1.1. 192.168.1.1 can be anything from 192.168.1.10 to 192.168.1.19 and 192.168.1.100 to 192.168.1.199. The brackets restrict the address to a single value. Since this will be an automated extraction script I do not want to unintentionally include any addresses not specifically targeted. So far my false positive rate seems to be zero (0) in over six months.

[code]
{ DisplayMostRecentIPAddress - Version 1.00
{ Author: Scott Taylor - January, 19, 2006
{
{ Used DisplayOriginatingIPAddress - Version 1.00 as a starting point
{ Author: Michael Motek - July 27, 2001
{
{ Purpose: Extract the most recent IP address from the receive header to gather addresses used
{ by spam sources.
{
{ Method: The script finds the first (most recent) "Received" header of a message. The string in that
{ line bracketed by square brackets ("[" and "]") is reported along with the message subject.

Here is the latest version of DisplayMostRecentIPAddress. Try it on an outgoing message to trigger the error handling. Not sure if an incoming message can ever not have a received address in brackets, but I added the code anyway.

{ DisplayMostRecentIPAddress - Version 1.10{ Author: Scott Taylor - January 20, 2006{ V 1.10: Cleaned it up a bit and added minor error handling.{{ Used DisplayOriginatingIPAddress - Version 1.00 as a starting point{ Author: Michael Motek - July 27, 2001{{ Purpose: Extract the most recent IP address from the receive header and display.{{ Method: The script finds the first (most recent) "Received" header of a message. The string in that{ line bracketed by square brackets ("[" and "]") is reported along with the message subject.

Here is AddIPAddressToFile. I have had it running for a little over a day. It appears to work as expected both automatically when called by filters and manually when initiated with the button. Since it will run many times in a very short period, the message box portion was eliminated so operator attention wouldn't be required.

{ AddIPAdrToAdrFile - Version 1.00{ Author: Scott Taylor - January 20, 2006{{ Used DisplayOriginatingIPAddress - Version 1.00 as a starting point{ Author: Michael Motek - July 27, 2001{{ Purpose: Save IP addresses from spam e-mails to a file to use as a filter for future incoming e-mails.{{ Method: The script finds the first (most recent) "Received" header of a message. The string in that{ line bracketed by square brackets ("[" and "]"), the IP address, is added to a file.

Set $FileName "..\SpamAddress.txt" { use Pocomail main directory{ Use the next three lines to add the new address to the beginning of the file.OpenBody $ExistingAdrs $FileName { get existing file contentsInsertLine $ExistingAdrs 1 $MostRecentIPAddr { insert new address at the beginning of the fileSaveBody $ExistingAdrs $FileName { Save updated list, overwritting the old file.

{ Use the next two lines to add the new address to the end of the file{AppendToFile True { set to append rather than overwrite{SaveBody $MostRecentIPAddr $FileName { add new address to exsiting file:Skip